In this video, I demonstrate how to exploit Ruby on Rails deserialization using a documented gadget chain to achieve remote code execution (RCE). The target application uses a serialization-based session mechanism, which can be abused by crafting a malicious serialized object.
Using a known exploit against Ruby on Rails deserialization, I generate a payload that deletes the morale.txt file from Carlos’s home directory, completing the lab challenge.
🔹 Lab Type: Insecure Deserialization (Ruby on Rails)
🔹 Framework: Ruby on Rails
🔹 Exploit Strategy: Use documented gadget chain to generate RCE payload → Inject into session
🔹 Target Action: Delete morale.txt
📌 Subscribe for more lab walkthroughs, real-world deserialization attacks, and Ruby exploitation content! 🧠🐍💣
#RubyOnRails #InsecureDeserialization #RCE #WebSecurity #PortSwigger #BugBounty #CyberSecurity #EthicalHacking #CTF
Exploiting Ruby deserialization using a documented gadget chain - Lab#07 | NatokHD